Server-side injection - Digital Guardian Agent X-dg headers cause 552 5.3.4 error - Signature 365

On Windows machines with Digital Guardian Agent installed, emails sent using Outlook can have numerous x-dg-ref headers added containing email and attachment classification information.

This can cause emails with large numbers of attachments to exceed the header size limit of Exchange.

When sending using server-side injection, Microsoft apply differing header size limitations to inbound and outbound connectors. This can cause emails to be correctly delivered to the Signature 365 servers from Exchange online, but cause Exchange to fail receipt when returned from the service with the following error:

Note

ERROR: Failed to send the email: The mail message data has been rejected by the server. The server responded: 552 5.3.4 Header size exceeds fixed maximum size [DX1PEPF000003EF.AREP273.PROD.OUTLOOK.COM]

As a result the Signature 365 service is unable to relay emails back to Exchange, and an NDR is delivered to the sender detailing this fact.

To resolve this issue, the article below from Fortra explains how to update the configuration settings within Digital Guardian to prevent these x-dg headers from being added to emails. Due to the hard size limit on email headers within Exchange, this must be completed in order to guarantee delivery of email when using server-side injection.

Digital Guardian Agent X Headers on Emails Causes Mail Server Rejection

Removing the Signature 365 Mailflow rule and Exchange Connectors

Remove Signature 365 mailflow rules and Exchange Online connectors in the correct order.

Signature 365 transport agent debug log file

Generate a detailed debug log for the Signature 365 Transport Agent.